Vulnerabilities > Ghost > Ghost > 5.46.1

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-43409 Improper Authentication vulnerability in Ghost
Ghost is a Node.js content management system.
network
low complexity
ghost CWE-287
6.5
2024-02-11 CVE-2024-23724 Cross-site Scripting vulnerability in Ghost
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001.
network
low complexity
ghost CWE-79
critical
9.0
2024-01-21 CVE-2024-23725 Cross-site Scripting vulnerability in Ghost
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js.
network
low complexity
ghost CWE-79
6.1
2023-08-15 CVE-2023-40028 Link Following vulnerability in Ghost
Ghost is an open source content management system.
network
low complexity
ghost CWE-59
6.5